Time has come to open one of those attachments?

Discussion in 'other security issues & news' started by Frankfree, May 12, 2019.

  1. Frankfree

    Frankfree Registered Member

    Joined:
    May 3, 2011
    Posts:
    83
    I have received a lot of emails with attachments that I know should contain some sort of virus.

    I want to open them now. Does Comodo help me open them in a way that does not harm my system?

    I have Comodo Firewall but nothing called Sandboxie.
     
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,343
    If you're sure they contain a virus, why would you open them? That's just asking for trouble.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,966
    Buy an old used PC to play on.

    And put it on a LAN by itself.
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,403
    Location:
    Here
    I used VirtualBox in the past for testing purposes. Also, it depends on what you want to achieve by opening those attachments. Do you just want to see what happens or do you want to test your defenses?
     
  5. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,514
    Comodo Firewall has an on-demand sandbox (and you can activate the auto sandbox if you so desire).

     
  6. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,063
    If you don't know the first thing about virus testing, you should just get rid of such emails.
     
  7. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    490
    If you have Windows 10 Pro you could always join the Insider program and use Windows Sandbox.
     
  8. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    916
    Location:
    Member state of European Union
    There is such a thing as network segmentation and a firewall...
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,966
    Sure, but what you don't know may bite you.
     
  10. Frankfree

    Frankfree Registered Member

    Joined:
    May 3, 2011
    Posts:
    83
    Is there any tutorial on how to set this up correctly so I do not get into trouble?
    Also, is this like VirtualBox? As safe as VirtualBox?
     
  11. guest

    guest Guest

    The help file has all the information needed.
    No, Vbox is a virtual machine, meaning you set up a full guest OS in it and it won't interact with the host OS (unless you make it do so).
    A sandbox is just software that isolates some known vulnerable areas of the system from the rest.

    Willingly testing malware in a sandbox is silly and potentially risky.
    VMs are better suited for that.
    Personally, I test malware/open suspicious files on a testing machine; no way I run any of them on my daily system, with a VM or not.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,966
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,355
    1. There are various ways to configure and tweak Comodo, some more secure than others.

    2. If you received an email attachment that you aren't sure about, it is likely to be a PDF or an Office document. You could start up the relevant program -- for instance, Microsoft Word -- in Comodo sandbox, and then open the attachment from within that sandboxed program. This is more secure than just clicking on the attachment.

    3. Obviously, none of the above is a proper way to do actual malware testing. But it can help with files that you are not sure about. The degree of risk involved has a lot to do with how you configured Comodo, and what type of file you are handling.
     
  14. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    98
    Depending on the sophistication of the virus, it may be pointless to open sandboxed or in a VM. Virus makers are starting to run tests on the environment they are launched in. If they detect a sandbox, VM or even debugger, they exit without decrypting the payload. Basically, this type of virus looks around to see if the "coast is clear" before revealing itself as a virus.
    Search "DeepLocker" for more info.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,966
    That's why it's best to use a disposable machine. You can start each time with a fresh system restore. And even reflash all the firmware. That won't catch everything, but arguably enough for routine testing. And as I said, on an isolated LAN.
     